Google Threat Intelligence reveals widespread exploitation of CVE-2025-8088 by Russian APT groups, Chinese actors, and cybercriminals. The WinRAR path traversal flaw enables payload delivery via the Windows Startup folder, with active campaigns targeting Ukraine, LATAM, and financial sectors.
The North Korean threat group Konni has launched a new campaign using AI-generated PowerShell malware to target blockchain developers across the APAC region, marking a significant shift toward technical targets and cryptocurrency infrastructure.
Microsoft announces NTLM will be disabled by default in upcoming Windows releases, marking the end of the 30-year-old authentication protocol that has been a persistent security vulnerability.
CVE-2026-24061 is a critical 11-year-old vulnerability in GNU InetUtils telnetd that allows unauthenticated attackers to gain instant root shell access. With a CVSS score of 9.8 and active exploitation confirmed, this flaw affects over 200,000 devices running Telnet servers globally, including embedded systems, IoT devices, and OT infrastructure.
Two critical CVSS 9.8 vulnerabilities in Ivanti Endpoint Manager Mobile (CVE-2026-1281, CVE-2026-1340) are under active exploitation, allowing unauthenticated remote code execution. CISA has added them to the KEV catalog with a February 1 federal deadline.
Two actively exploited pre-auth RCE vulnerabilities (CVE-2026-1281 and CVE-2026-1340) in Ivanti Endpoint Manager Mobile allow attackers to execute arbitrary commands via Bash arithmetic expansion. CISA has added these to the KEV catalog.
Threat actors are abusing the Hugging Face AI platform to host Android malware, using server-side polymorphism to generate thousands of RAT variants every 15 minutes.
SmarterTools patches critical CVE-2026-24423 (CVSS 9.3) unauthenticated RCE vulnerability in SmarterMail email server. Two other flaws including one under active exploitation also addressed. Update immediately.
The Aisuru/Kimwolf botnet launched the largest DDoS attack ever publicly disclosed, peaking at 31.4 Tbps and 200 million requests per second in Cloudflare’s ‘Night Before Christmas’ campaign.
Match Group confirms cybersecurity incident after ShinyHunters voice phishing campaign compromises SSO account, exposing data from popular dating apps including Tinder, Hinge, OkCupid, and Match.com.
